fix: use effective uid instead of uid

src/ahriman/core/utils.py

@@ -192,7 +192,7 @@ def check_user(root: Path, *, unsafe: bool) -> None:
     if unsafe:
         return  # unsafe flag is enabled, no check performed
 
-    current_uid = os.getuid()
+    current_uid = os.geteuid()
     root_uid, _ = owner(root)
 
     if current_uid != root_uid:

src/ahriman/models/repository_paths.py

@@ -239,7 +239,7 @@ class RepositoryPaths(LazyLogging):
         # the reason we do this is that it only works if permissions can be actually changed. Hence,
         # non-privileged user (e.g. personal user or ahriman user) can't change permissions.
         # The only one who can do so is root, so if user is not root we just terminate function
-        current_uid, current_gid = os.getuid(), os.getgid()
+        current_uid, current_gid = os.geteuid(), os.getegid()
         if current_uid != 0:
             yield
             return

tests/ahriman/core/test_utils.py

@@ -160,7 +160,7 @@ def test_check_user(repository_id: RepositoryId, mocker: MockerFixture) -> None:
     must check user correctly
     """
     paths = RepositoryPaths(Path.cwd(), repository_id)
-    mocker.patch("os.getuid", return_value=paths.root_owner[0])
+    mocker.patch("os.geteuid", return_value=paths.root_owner[0])
     check_user(paths.root, unsafe=False)
 
 
@@ -177,7 +177,7 @@ def test_check_user_exception(repository_id: RepositoryId, mocker: MockerFixture
     must raise exception if user differs
     """
     paths = RepositoryPaths(Path.cwd(), repository_id)
-    mocker.patch("os.getuid", return_value=paths.root_owner[0] + 1)
+    mocker.patch("os.geteuid", return_value=paths.root_owner[0] + 1)
 
     with pytest.raises(UnsafeRunError):
         check_user(paths.root, unsafe=False)
@@ -188,7 +188,7 @@ def test_check_user_unsafe(repository_id: RepositoryId, mocker: MockerFixture) -
     must skip check if unsafe flag is set
     """
     paths = RepositoryPaths(Path.cwd(), repository_id)
-    mocker.patch("os.getuid", return_value=paths.root_owner[0] + 1)
+    mocker.patch("os.geteuid", return_value=paths.root_owner[0] + 1)
     check_user(paths.root, unsafe=True)
 
 

tests/ahriman/models/test_repository_paths.py

@@ -198,8 +198,8 @@ def test_preserve_owner(tmp_path: Path, repository_id: RepositoryId, mocker: Moc
     """
     must preserve file owner during operations
     """
-    mocker.patch("os.getuid", return_value=0)
+    mocker.patch("os.geteuid", return_value=0)
-    mocker.patch("os.getgid", return_value=0)
+    mocker.patch("os.getegid", return_value=0)
     seteuid_mock = mocker.patch("os.seteuid")
     setegid_mock = mocker.patch("os.setegid")
 
@@ -214,8 +214,8 @@ def test_preserve_owner_exception(tmp_path: Path, repository_id: RepositoryId, m
     """
     must return to original uid and gid even during exception
     """
-    mocker.patch("os.getuid", return_value=0)
+    mocker.patch("os.geteuid", return_value=0)
-    mocker.patch("os.getgid", return_value=0)
+    mocker.patch("os.getegid", return_value=0)
     mocker.patch("pathlib.Path.mkdir", side_effect=Exception)
     seteuid_mock = mocker.patch("os.seteuid")
     setegid_mock = mocker.patch("os.setegid")
@@ -232,8 +232,8 @@ def test_preserve_owner_non_root(tmp_path: Path, repository_id: RepositoryId, mo
     """
     must skip processing if user is not root
     """
-    mocker.patch("os.getuid", return_value=42)
+    mocker.patch("os.geteuid", return_value=42)
-    mocker.patch("os.getgid", return_value=42)
+    mocker.patch("os.getegid", return_value=42)
     repository_paths = RepositoryPaths(tmp_path, repository_id)
     seteuid_mock = mocker.patch("os.seteuid")
     setegid_mock = mocker.patch("os.setegid")